CLAIM LISTING 



1 . (Original) A method for tracking the routing of an electronic document, 
comprising: 

embedding a unique identifier within an electronic document; and 
monitoring e-mail messages transmitted from senders to recipients, for 

detection of e-mail messages having the electronic document embedded therewithin 

or attached thereto, based on the unique identifier. 

2. (Original) The method of claim 1 wherein the electronic document is a 
Microsoft Word document. 

3. (Original) The method of claim 1 wherein the electronic document is a 
Microsoft Excel spreadsheet. 

4. (Original) The method of claim 1 wherein the electronic documents is a 
Microsoft PowerPoint presentation. 

5. (Original) The method of claim 1 wherein the electronic document is an 
Adobe PDF document. 

6. (Original) The method of claim 1 wherein the electronic document is an 
HTML document. 

7. (Original) The method of claim 1 wherein the electronic document is an 
XML document. 

8. (Currently Amended) The method of claim 1 further comprising logging a 
recipient of an e-mail message having the electronic document embedded 
therewithin or attached thereto, in an audit record, when said monitoring detects the 
e-mail message , wherein the audit record stores information identifying a distribution 
route of the electronic document . 
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9. (Currently Amended) The method of claim [[8]] 1 further comprising 
logging a sender of an e-mail message having the electronic document embedded 
therewithin or attached thereto, in an audit record, when said monitoring detects the 
e-mail message , wherein the audit record stores information identifying a distribution 
route of the electronic document . 

10. (Currently Amended) The method of claim [[9]] 1 further comprising 
logging a date and time of transmission of an e-mail message having the electronic 
document embedded therewithin or attached thereto, in an audit record, when said 
monitoring detects the e-mail message , wherein the audit record stores information 
identifying a distribution route of the electronic document . 

1 1 . (Currently Amended) The method of claim [[10]] 1 further comprising 
generating a tracking report from audit records[[,]]corresponding to at least one 
specified electronic document, wherein the audit records each stores information 
identifying a distribution route of the specified electronic document . 

1 2. (Currently Amended) The method of claim [[1 0]] 1 further comprising 
generating a tracking report from audit records[[,]] corresponding to at least one 
specified use r, wherein the audit records each stores information identifying a 
distribution route of an electronic document . 

13. (Currently Amended) The method of claim [[10]] 1 further comprising 
generating a tracking report from [[the]] audit records[[,]] corresponding to a 
specified time period , wherein the audit records each stores information identifying a 
distribution route of electronic documents during . 

14. (Currently Amended) The method of claim 1 further comprising logging 
[[the]] a most recent file name of a file storing the electronic document, in an audit 
record, when said monitoring detects an e-mail message having the electronic 
document embedded therewithin or attached thereto , wherein the audit record stores 
information identifying a distribution route of the electronic document . 
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15. (Original) The method of claim 1 wherein said monitoring comprises 
authenticating the unique identifier. 

16. (Original) The method of claim 15 further comprising issuing a 
notification if said authenticating fails to authenticate the unique identifier. 

17. (Original) The method of claim 1 further comprising: 

examining an access control policy to determine whether or not permission is 
granted to transmit the electronic document to a recipient of an e-mail message 
having the electronic document embedded therewithin or attached thereto; and 

causing transmission of the e-mail message to the recipient to be blocked, if 
said examining determines that permission is not granted. 

18. (Original) The method of claim 17 further comprising issuing a 
notification about said causing to be blocked. 

1 9. (Currently Amended) A system for tracking the routing of an electronic 
document, the system comprising one or more tangible computer-readable media 
collectively storing instructions encoding compr i sing : 

an auto mark e r auto-marking module for embedding a unique identifier within 
an electronic document; and 

a traffic monitor for monitoring e-mail messages transmitted from senders to 
recipients, and for detecting e-mail messages having the electronic document 
embedded therewithin or attached thereto, based on the unique identifier. 

20. (Original) The system of claim 19 wherein the electronic document is a 
Microsoft Word document. 

21 . (Original) The system of claim 19 wherein the electronic document is a 
Microsoft Excel spreadsheet. 

22. (Original) The system of claim 19 wherein the electronic document is a 
Microsoft PowerPoint presentation. 
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23. (Original) The system of claim 19 wherein the electronic document is an 
Adobe PDF document. 

24. (Original) The system of claim 19 wherein the electronic document is an 
HTML document. 

25. (Original) The system of claim 19 wherein the electronic document is an 
XML document. 

26. (Currently Amended) The system of claim 19 wherein the one or more 
media further store instructions encoding furth e r compr i s i ng an auditor for logging a 
recipient of an e-mail message having the electronic document embedded 
therewithin or attached thereto, in an audit record, when said traffic monitor detects 
the e-mail message , wherein the audit record stores information identifying a 
distribution route of the electronic document . 

27. (Currently Amended) The system of claim 19 [[26]] wherein the one or 
more media further store instructions encoding furth e r compr i s i ng an auditor for 
logging a sender of an e-mail message having the electronic document embedded 
therewithin or attached thereto, in an audit record, when said traffic monitor detects 
the e-mail message , wherein the audit record stores information identifying a 
distribution route of the electronic document . 

28. (Currently Amended) The system of claim 19 rr2711 wherein the one or 
more media further store instructions encoding furth e r compri si ng an auditor for 
logging a date and time of transmission of an e-mail message having the electronic 
document embedded therewithin or attached thereto, in an audit record, when said 
traffic monitor detects the e-mail message , wherein the audit record stores 
information identifying a distribution route of the electronic document . 

29. (Currently Amended) The system of claim 19 [[28]] wherein the one ore 
more media further store instructions encoding furth e r compr i s i ng a reporter for 
generating a tracking report from audit records[[,]] corresponding to at least one 
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specified electronic document , wherein the audit records each stores information 
identifying a distribution route of the specified electronic document . 

30. (Currently Amended) The system of claim 19 [[28]] wherein the one or 
more media further store instructions encoding further compr i s i ng a reporter for 
generating a tracking report from audit records[[,]] corresponding to at least one 
specified use r, wherein the audit records each stores information identifying a 
distribution route of the electronic document . 

31 . (Currently Amended) The system of claim 19 [[28]] wherein the one or 
more media further store instructions encoding furth e r compris i ng a reporter for 
generating a tracking report from audit records[[,]] corresponding to a specified time 
period , wherein the audit records each stores information identifying a distribution 
route of the electronic document . 

32. (Currently Amended) The system of claim 19 wherein the one or more 
media further store instructions encoding furthor compr i s i ng an auditor for logging 
the most recent file name of a file storing the electronic document, in an audit record, 
when said traffic monitor detects an e-mail message having the electronic document 
embedded therewithin or attached thereto , wherein the audit record stores 
information identifying a distribution route of the electronic document . 

33. (Currently Amended) The system of claim 1 9 wherein the one or more 
media further store instructions encoding furth e r compr isi ng a scanner for 
authenticating the unique identifier. 

34. (Currently Amended) The system of claim 19 [[33]] wherein the one or 
more media further store instructions encoding furthor compr i s i ng a notifier for 
issuing a notification if said authenticating fails to authenticate the unique identifier. 

35. (Currently Amended) The system of claim 19 wherein the one or more 
media further store instructions encoding: furthor compr i s i ng: 

a policy manager for examining an access control policy to determine whether 
or not permission is granted to transmit the electronic document to a recipient of an 
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e-mail message having the electronic document embedded therewithin or attached 
thereto; and 

a policy enforcer for causing transmission of the e-mail message to the 
recipient to be blocked, if said policy manager determines that permission is not 
granted. 

36. (Currently Amended) The system of claim 35 wherein the one or more 
media further store instructions encoding further compr i s i ng a notifier for issuing a 
notification about said policy enforcer causing transmission of the e-mail message to 
be blocked. 

37. (Canceled) 

38. (Original) A method for tracking the routing of an electronic document, 
comprising: 

embedding a unique identifier within an electronic document; and 
monitoring transmitted network packets, for detection of network packets 
containing the electronic document, based on the unique identifier. 

39. (Currently Amended) The method of claim 38 further comprising logging 
an audit record of the transmission, when a network packet containing the electronic 
document is detected by said monitoring , wherein the audit record stores information 
identifying a distribution route of the electronic document . 

40. (Original) The method of claim 39 wherein said logging includes logging 
a date and time of the transmission in the audit record. 

41. (Original) The method of claim 39 wherein said logging includes logging 
a destination of the transmission in the audit record. 

42. (Original) The method of claim 38 wherein said monitoring monitors 
networks packets transmitted internally within an organization network. 
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43. (Original) The method of claim 38 wherein said monitoring monitors 
networks packets transmitted from within an organization network to outside of the 
organization network. 

44. (Original) The method of claim 38 wherein said monitoring monitors 
networks packets transmitted to an organization network from outside of the 
organization network. 

45. (Original) The method of claim 38 wherein the network packets are 
transmitted in response to an FTP download. 

46. (Original) The method of claim 38 wherein the network packets are 
transmitted in response to an HTTP download. 

47. (Original) The method of claim 38 wherein the network packets are 
transmitted in response to an Instant Messenger download. 

48. (Currently Amended) A system for tracking the routing of an electronic 
document , the system comprising one or more tangible computer readable media 
collectively storing instructions encoding: compr i s i ng: 

an auto - mark e r an auto-marking module for embedding a unique identifier 
within an electronic document; and 

a traffic monitor for monitoring transmitted network packets, and for detection 
of network packets containing the electronic document, based on the unique 
identifier. 

49. (Currently Amended) The system of claim 48 wherein the one or more 
media further store instructions encoding furthor compr i s i ng an auditor for logging 
transmission information in an audit record of tho transm i ss i on when a network 
packet containing the electronic document is detected by said traffic monitor 
wherein the audit record stores information identifying a distribution route of the 
electronic document . 
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50. (Currently Amended) The system of claim 49 wherein said auditor logs a 
date and time of the network packet's transmission of the transmiss i on in the audit 
record. 

51 . (Currently Amended) The system of claim 49 wherein said auditor logs a 
destination for the network packet of th e transm i ss i on in the audit record. 

52. (Original) The system of claim 48 wherein said traffic monitor monitors 
networks packets transmitted internally within an organization network. 

53. (Original) The system of claim 48 wherein said traffic monitor monitors 
networks packets transmitted from within an organization network to outside of the 
organization network. 

54. (Original) The system of claim 48 wherein said traffic monitor monitors 
networks packets transmitted to an organization network from outside of the 
organization network. 

55. (Original) The system of claim 48 wherein the network packets are 
transmitted in response to an FTP download. 

56. (Original) The system of claim 48 wherein the network packets are 
transmitted in response to an HTTP download. 

57. (Original) The system of claim 48 wherein the network packets are 
transmitted in response to an Instant Messenger download. 

58. (Canceled) 

59. (Original) A method for controlling distribution of an electronic document 
within computer networks, comprising: 

intercepting e-mail messages being transmitted from senders to recipients; 
scanning the intercepted e-mail messages for detection of a specified 
electronic document embedded therein or attached thereto; 
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examining a policy to determine whether or not transmission of the document 
to a recipient is permitted, if said scanning detects an e-mail message having the 
electronic document embedded therein or attached thereto; and 

causing transmission of the document to the recipient to be blocked, if said 
examining determines that transmission is not permitted. 

60. (Original) The method of claim 59 wherein said scanning detects the 
electronic document based on a unique identifier embedded therewithin. 

61 . (Original) The method of claim 59 wherein the policy indicates recipients 
permitted to access the electronic document. 

62. (Original) The method of claim 59 wherein the policy indicates recipients 
not permitted to access the electronic document. 

63. (Original) The method of claim 59 wherein the policy indicates senders 
permitted to send the electronic document. 

64. (Original) The method of claim 59 wherein the policy indicates senders 
not permitted to send the electronic document. 

65. (Original) The method of claim 59 further comprising issuing a 
notification, if said examining determines that transmission is not permitted. 

66. (Currently Amended) The method of claim 59 further comprising 
generating an audit record to record transmission of the electronic document via an 
e-mail message, if said examining determines that transmission is permittedi 
wherein the audit record stores information identifying a distribution route of the 
electronic document . 

67. (Currently Amended) A system for controlling distribution of an electronic 
document within computer networks , the system comprising one or more tangible 
computer-readable media collectively storing instructions encoding compr i s i ng : 
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a traffic monitor for intercepting e-mail messages being transmitted from 
senders to recipients; 

a scanner for scanning the intercepted e-mail messages, and for detecting a 
specified electronic document embedded therein or attached thereto; 

a policy manager for examining a policy to determine whether or not 
transmission of the document to a recipient of an e-mail message is permitted; and 

a policy enforcer for causing transmission of the document to the recipient to 
be blocked. 

68. (Original) The system of claim 67 wherein said scanner detects the 
electronic document based on a unique identifier embedded therewithin. 

69. (Original) The system of claim 67 wherein the policy indicates recipients 
permitted to access the electronic document. 

70. (Original) The system of claim 67 wherein the policy indicates recipients 
not permitted to access the electronic document. 

71 . (Original) The system of claim 67 wherein the policy indicates senders 
permitted to send the electronic document. 

72. (Original) The system of claim 67 wherein the policy indicates senders 
not permitted to send the electronic document. 

73. (Currently Amended) The system of claim 67 wherein the one or more 
media further store instructions encoding further compr i s i ng a notifier for issuing a 
notification, if said examining determines that transmission is not permitted. 

74. (Currently Amended) The system of claim 67 wherein the one or more 
media further store instructions encoding furth e r compr i s i ng an auditor for 
generating an audit record, to record transmission of the electronic document via an 
e-mail message, if said policy manager determines that transmission is permittedi 
wherein the audit record stores information identifying a distribution route of the 
electronic document . 
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75. (Canceled) 



76. (Original) A method for controlling distribution of an electronic document 
within computer networks, comprising: 

intercepting network packets transmitted over a computer network; 

scanning the intercepted network packets for detection of network packets 
containing a specified electronic document; 

examining a policy to determine whether or not transmission of the specified 
electronic document is permitted, if said scanning detects a network packet 
containing the specified electronic document; and 

causing transmission of the document to be blocked, if said examining 
determines that transmission is not permitted. 

77. (Original) The method of claim 76 wherein said scanning detects the 
specified electronic document based on a unique identifier embedded therewithin. 

78. (Original) The method of claim 76 wherein the policy indicates recipients 
permitted to access the specified electronic document. 

79. (Original) The method of claim 76 wherein the policy indicates recipients 
not permitted to access the specified electronic document. 

80. (Original) The method of claim 76 wherein the network packets are 
transmitted in response to an FTP download. 

81. (Original) The method of claim 76 wherein the network packets are 
transmitted in response to an HTTP download. 

82. (Original) The method of claim 76 wherein the network packets are 
transmitted in response to an Instant Messenger download. 



60644-801 1 .US01/LEGAL1 3720482. 1 



12 



83. (Currently Amended) A system for controlling distribution of an electronic 
document within computer networks , the system comprising one or more tangible 
computer-readable media collectively storing instructions encoding: compris i ng: 

a traffic monitor for intercepting network packets transmitted over a computer 
network; 

a scanner for scanning the intercepted network packets and for detecting 
network packets containing a specified electronic document; 

a policy manager for examining a policy to determine whether or not 
transmission of the specified electronic document is permitted; and 

a policy enforcer for causing transmission of the document to be blocked. 

84. (Original) The system of claim 83 wherein said scanner detects the 
specified electronic document based on a unique identifier embedded therewithin. 

85. (Original) The system of claim 83 wherein the policy indicates recipients 
permitted to access the specified electronic document. 

86. (Original) The system of claim 83 wherein the policy indicates recipients 
not permitted to access the specified electronic document. 

87. (Original) The system of claim 83 wherein the network packets are 
transmitted in response to an FTP download. 

88. (Original) The system of claim 83 wherein the network packets are 
transmitted in response to an HTTP download. 

89. (Original) The system of claim 83 wherein the network packets are 
transmitted in response to an Instant Messenger download. 

90. (Canceled) 
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